[Snort-users] unix socket connection with '-A unsock'

Dirk Geschke dirk at ...10648...
Sun Mar 15 07:58:08 EDT 2009


Hi Seo,

> I am trying to open unix socket with '-A unsock' option.

It is the other way: You need a program which provides the
unix socket so that snort can write to this. Every alert
is then written to this socket, take a look at the file

   src/output-plugins/spo_alert_unixsock.h

and there at the beginning the structure Alertpkt, this one
is written to the socket. So you need a process which creates
the unix domain socket and waits for packets of this format.

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at ...10648... / dirk at ...13691...  / kontakt at ...13691... | 
+----------------------------------------------------------------------+
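
A minimal receiver of the kind described in the message above, as an added example that is not part of the original post or of Snort's own code. It assumes Snort sends each alert as one datagram to a socket file named snort_alert in its log directory, and that Alertpkt begins with a 256-byte message field; check both against spo_alert_unixsock.h for the Snort version in use.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Assumption: Alertpkt starts with a NUL-padded message field of this size. */
#define ALERTMSG_LENGTH 256
#define MAX_DGRAM 70000  /* room for message, headers and captured packet */

/* Create and bind the datagram socket Snort sends to; returns fd or -1. */
int open_alert_socket(const char *path)
{
    struct sockaddr_un addr;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    unlink(path);  /* remove a stale socket file from an earlier run */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receive one alert, copy its message into msg; returns size or -1 if short. */
ssize_t recv_alert(int fd, char *msg, size_t msglen)
{
    static unsigned char buf[MAX_DGRAM];
    ssize_t n = recv(fd, buf, sizeof(buf), 0);
    if (n < ALERTMSG_LENGTH || msglen == 0)
        return -1;
    snprintf(msg, msglen, "%.*s", ALERTMSG_LENGTH, (const char *)buf);
    return n;
}

int main(void)
{
    char msg[ALERTMSG_LENGTH + 1];
    int fd = open_alert_socket("snort_alert");  /* assumed socket name */
    while (fd >= 0 && recv_alert(fd, msg, sizeof(msg)) > 0)
        printf("alert: %s\n", msg);
    return fd < 0;
}
```

Start the receiver before Snort so the socket exists when Snort opens it. Any local user who can write to the socket file can submit forged alerts, so keep the directory holding it restricted to the Snort and receiver accounts.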



